Added hash-mode 2501 = WPA/WPA2 PMK

Fixes https://github.com/hashcat/hashcat/issues/1287
Limited hash-mode 2500 to max length 63
Fixes https://github.com/hashcat/hashcat/issues/1286
pull/1288/head
jsteube 7 years ago
parent 91f7acbde3
commit fc100a852b

@ -1153,6 +1153,12 @@ typedef struct wpa_tmp
} wpa_tmp_t;
typedef struct wpapmk_tmp
{
u32 out[8];
} wpapmk_tmp_t;
typedef struct bitcoin_wallet_tmp
{
u64 dgst[8];

@ -0,0 +1,463 @@
/**
* Author......: See docs/credits.txt
* License.....: MIT
*/
#define NEW_SIMD_CODE
#include "inc_vendor.cl"
#include "inc_hash_constants.h"
#include "inc_hash_functions.cl"
#include "inc_types.cl"
#include "inc_common.cl"
#include "inc_simd.cl"
#include "inc_hash_md5.cl"
#include "inc_hash_sha1.cl"
#define COMPARE_S "inc_comp_single.cl"
#define COMPARE_M "inc_comp_multi.cl"
inline u8 hex_convert (const u8 c)
{
return (c & 15) + (c >> 6) * 9;
}
inline u8 hex_to_u8 (const u8 hex[2])
{
u8 v = 0;
v |= ((u8) hex_convert (hex[1]) << 0);
v |= ((u8) hex_convert (hex[0]) << 4);
return (v);
}
__kernel void m02501_init (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 in[16];
in[ 0] = pws[gid].i[ 0];
in[ 1] = pws[gid].i[ 1];
in[ 2] = pws[gid].i[ 2];
in[ 3] = pws[gid].i[ 3];
in[ 4] = pws[gid].i[ 4];
in[ 5] = pws[gid].i[ 5];
in[ 6] = pws[gid].i[ 6];
in[ 7] = pws[gid].i[ 7];
in[ 8] = pws[gid].i[ 8];
in[ 9] = pws[gid].i[ 9];
in[10] = pws[gid].i[10];
in[11] = pws[gid].i[11];
in[12] = pws[gid].i[12];
in[13] = pws[gid].i[13];
in[14] = pws[gid].i[14];
in[15] = pws[gid].i[15];
u8 *in_ptr = (u8 *) in;
u32 out[8];
u8 *out_ptr = (u8 *) out;
for (int i = 0, j = 0; i < 32; i += 1, j += 2)
{
out_ptr[i] = hex_to_u8 (in_ptr + j);
}
tmps[gid].out[0] = swap32 (out[0]);
tmps[gid].out[1] = swap32 (out[1]);
tmps[gid].out[2] = swap32 (out[2]);
tmps[gid].out[3] = swap32 (out[3]);
tmps[gid].out[4] = swap32 (out[4]);
tmps[gid].out[5] = swap32 (out[5]);
tmps[gid].out[6] = swap32 (out[6]);
tmps[gid].out[7] = swap32 (out[7]);
}
__kernel void m02501_loop (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
}
__kernel void m02501_comp (__global pw_t *pws, __global const kernel_rule_t *rules_buf, __global const pw_t *combs_buf, __global const bf_t *bfs_buf, __global wpapmk_tmp_t *tmps, __global void *hooks, __global const u32 *bitmaps_buf_s1_a, __global const u32 *bitmaps_buf_s1_b, __global const u32 *bitmaps_buf_s1_c, __global const u32 *bitmaps_buf_s1_d, __global const u32 *bitmaps_buf_s2_a, __global const u32 *bitmaps_buf_s2_b, __global const u32 *bitmaps_buf_s2_c, __global const u32 *bitmaps_buf_s2_d, __global plain_t *plains_buf, __global const digest_t *digests_buf, __global u32 *hashes_shown, __global const salt_t *salt_bufs, __global const wpa_t *wpa_bufs, __global u32 *d_return_buf, __global u32 *d_scryptV0_buf, __global u32 *d_scryptV1_buf, __global u32 *d_scryptV2_buf, __global u32 *d_scryptV3_buf, const u32 bitmap_mask, const u32 bitmap_shift1, const u32 bitmap_shift2, const u32 salt_pos, const u32 loop_pos, const u32 loop_cnt, const u32 il_cnt, const u32 digests_cnt, const u32 digests_offset, const u32 combs_mode, const u32 gid_max)
{
const u32 gid = get_global_id (0);
if (gid >= gid_max) return;
u32 out[8];
out[0] = tmps[gid].out[0];
out[1] = tmps[gid].out[1];
out[2] = tmps[gid].out[2];
out[3] = tmps[gid].out[3];
out[4] = tmps[gid].out[4];
out[5] = tmps[gid].out[5];
out[6] = tmps[gid].out[6];
out[7] = tmps[gid].out[7];
const u32 lid = get_local_id (0);
const u32 digest_pos = loop_pos;
const u32 digest_cur = digests_offset + digest_pos;
__global const wpa_t *wpa = &wpa_bufs[digest_cur];
u32 pke[32];
pke[ 0] = wpa->pke[ 0];
pke[ 1] = wpa->pke[ 1];
pke[ 2] = wpa->pke[ 2];
pke[ 3] = wpa->pke[ 3];
pke[ 4] = wpa->pke[ 4];
pke[ 5] = wpa->pke[ 5];
pke[ 6] = wpa->pke[ 6];
pke[ 7] = wpa->pke[ 7];
pke[ 8] = wpa->pke[ 8];
pke[ 9] = wpa->pke[ 9];
pke[10] = wpa->pke[10];
pke[11] = wpa->pke[11];
pke[12] = wpa->pke[12];
pke[13] = wpa->pke[13];
pke[14] = wpa->pke[14];
pke[15] = wpa->pke[15];
pke[16] = wpa->pke[16];
pke[17] = wpa->pke[17];
pke[18] = wpa->pke[18];
pke[19] = wpa->pke[19];
pke[20] = wpa->pke[20];
pke[21] = wpa->pke[21];
pke[22] = wpa->pke[22];
pke[23] = wpa->pke[23];
pke[24] = wpa->pke[24];
pke[25] = 0;
pke[26] = 0;
pke[27] = 0;
pke[28] = 0;
pke[29] = 0;
pke[30] = 0;
pke[31] = 0;
u32 to;
if (wpa->nonce_compare < 0)
{
to = pke[15] << 24
| pke[16] >> 8;
}
else
{
to = pke[23] << 24
| pke[24] >> 8;
}
const u32 nonce_error_corrections = wpa->nonce_error_corrections;
for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
{
u32 t = to;
t = swap32_S (t);
t -= nonce_error_corrections / 2;
t += nonce_error_correction;
t = swap32_S (t);
if (wpa->nonce_compare < 0)
{
pke[15] = (pke[15] & ~0x000000ff) | (t >> 24);
pke[16] = (pke[16] & ~0xffffff00) | (t << 8);
}
else
{
pke[23] = (pke[23] & ~0x000000ff) | (t >> 24);
pke[24] = (pke[24] & ~0xffffff00) | (t << 8);
}
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = out[0];
w0[1] = out[1];
w0[2] = out[2];
w0[3] = out[3];
w1[0] = out[4];
w1[1] = out[5];
w1[2] = out[6];
w1[3] = out[7];
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha1_hmac_ctx_t ctx1;
sha1_hmac_init (&ctx1, w0, w1, w2, w3);
sha1_hmac_update (&ctx1, pke, 100);
sha1_hmac_final (&ctx1);
u32 digest[4];
digest[0] = ctx1.opad.h[0];
digest[1] = ctx1.opad.h[1];
digest[2] = ctx1.opad.h[2];
digest[3] = ctx1.opad.h[3];
if (wpa->keyver == 1)
{
u32 t0[4];
u32 t1[4];
u32 t2[4];
u32 t3[4];
t0[0] = swap32_S (digest[0]);
t0[1] = swap32_S (digest[1]);
t0[2] = swap32_S (digest[2]);
t0[3] = swap32_S (digest[3]);
t1[0] = 0;
t1[1] = 0;
t1[2] = 0;
t1[3] = 0;
t2[0] = 0;
t2[1] = 0;
t2[2] = 0;
t2[3] = 0;
t3[0] = 0;
t3[1] = 0;
t3[2] = 0;
t3[3] = 0;
md5_hmac_ctx_t ctx2;
md5_hmac_init (&ctx2, t0, t1, t2, t3);
md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
md5_hmac_final (&ctx2);
digest[0] = ctx2.opad.h[0];
digest[1] = ctx2.opad.h[1];
digest[2] = ctx2.opad.h[2];
digest[3] = ctx2.opad.h[3];
}
else
{
u32 t0[4];
u32 t1[4];
u32 t2[4];
u32 t3[4];
t0[0] = digest[0];
t0[1] = digest[1];
t0[2] = digest[2];
t0[3] = digest[3];
t1[0] = 0;
t1[1] = 0;
t1[2] = 0;
t1[3] = 0;
t2[0] = 0;
t2[1] = 0;
t2[2] = 0;
t2[3] = 0;
t3[0] = 0;
t3[1] = 0;
t3[2] = 0;
t3[3] = 0;
sha1_hmac_ctx_t ctx2;
sha1_hmac_init (&ctx2, t0, t1, t2, t3);
sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
sha1_hmac_final (&ctx2);
digest[0] = ctx2.opad.h[0];
digest[1] = ctx2.opad.h[1];
digest[2] = ctx2.opad.h[2];
digest[3] = ctx2.opad.h[3];
}
/**
* final compare
*/
if ((digest[0] == wpa->keymic[0])
&& (digest[1] == wpa->keymic[1])
&& (digest[2] == wpa->keymic[2])
&& (digest[3] == wpa->keymic[3]))
{
if (atomic_inc (&hashes_shown[digest_cur]) == 0)
{
mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0);
}
}
}
// the same code again, but with BE order for the t++
for (u32 nonce_error_correction = 0; nonce_error_correction <= nonce_error_corrections; nonce_error_correction++)
{
u32 t = to;
t -= nonce_error_corrections / 2;
t += nonce_error_correction;
if (t == to) continue; // we already had this checked in the LE loop
if (wpa->nonce_compare < 0)
{
pke[15] = (pke[15] & ~0x000000ff) | (t >> 24);
pke[16] = (pke[16] & ~0xffffff00) | (t << 8);
}
else
{
pke[23] = (pke[23] & ~0x000000ff) | (t >> 24);
pke[24] = (pke[24] & ~0xffffff00) | (t << 8);
}
u32 w0[4];
u32 w1[4];
u32 w2[4];
u32 w3[4];
w0[0] = out[0];
w0[1] = out[1];
w0[2] = out[2];
w0[3] = out[3];
w1[0] = out[4];
w1[1] = out[5];
w1[2] = out[6];
w1[3] = out[7];
w2[0] = 0;
w2[1] = 0;
w2[2] = 0;
w2[3] = 0;
w3[0] = 0;
w3[1] = 0;
w3[2] = 0;
w3[3] = 0;
sha1_hmac_ctx_t ctx1;
sha1_hmac_init (&ctx1, w0, w1, w2, w3);
sha1_hmac_update (&ctx1, pke, 100);
sha1_hmac_final (&ctx1);
u32 digest[4];
digest[0] = ctx1.opad.h[0];
digest[1] = ctx1.opad.h[1];
digest[2] = ctx1.opad.h[2];
digest[3] = ctx1.opad.h[3];
if (wpa->keyver == 1)
{
u32 t0[4];
u32 t1[4];
u32 t2[4];
u32 t3[4];
t0[0] = swap32_S (digest[0]);
t0[1] = swap32_S (digest[1]);
t0[2] = swap32_S (digest[2]);
t0[3] = swap32_S (digest[3]);
t1[0] = 0;
t1[1] = 0;
t1[2] = 0;
t1[3] = 0;
t2[0] = 0;
t2[1] = 0;
t2[2] = 0;
t2[3] = 0;
t3[0] = 0;
t3[1] = 0;
t3[2] = 0;
t3[3] = 0;
md5_hmac_ctx_t ctx2;
md5_hmac_init (&ctx2, t0, t1, t2, t3);
md5_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
md5_hmac_final (&ctx2);
digest[0] = ctx2.opad.h[0];
digest[1] = ctx2.opad.h[1];
digest[2] = ctx2.opad.h[2];
digest[3] = ctx2.opad.h[3];
}
else
{
u32 t0[4];
u32 t1[4];
u32 t2[4];
u32 t3[4];
t0[0] = digest[0];
t0[1] = digest[1];
t0[2] = digest[2];
t0[3] = digest[3];
t1[0] = 0;
t1[1] = 0;
t1[2] = 0;
t1[3] = 0;
t2[0] = 0;
t2[1] = 0;
t2[2] = 0;
t2[3] = 0;
t3[0] = 0;
t3[1] = 0;
t3[2] = 0;
t3[3] = 0;
sha1_hmac_ctx_t ctx2;
sha1_hmac_init (&ctx2, t0, t1, t2, t3);
sha1_hmac_update_global (&ctx2, wpa->eapol, wpa->eapol_len);
sha1_hmac_final (&ctx2);
digest[0] = ctx2.opad.h[0];
digest[1] = ctx2.opad.h[1];
digest[2] = ctx2.opad.h[2];
digest[3] = ctx2.opad.h[3];
}
/**
* final compare
*/
if ((digest[0] == wpa->keymic[0])
&& (digest[1] == wpa->keymic[1])
&& (digest[2] == wpa->keymic[2])
&& (digest[3] == wpa->keymic[3]))
{
if (atomic_inc (&hashes_shown[digest_cur]) == 0)
{
mark_hash (plains_buf, d_return_buf, salt_pos, digests_cnt, digest_pos, digest_cur, gid, 0);
}
}
}
}
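Review bot: `hex_convert` accepts any byte without a range check: for a non-hex character such as `x` (0x78) it returns `8 + 9 = 17`, which `hex_to_u8` then shifts into a nibble, so a candidate that is not 64 hex digits is silently decoded into a wrong PMK rather than rejected, and since the 2501 benchmark mask in this commit pads with `x` that path is reachable in normal use. The kernel is probably not the place to reject it, but a comment on hex_convert such as `// assumes [0-9a-fA-F]; any other byte yields a nibble value > 15 and a garbage PMK, never a reject` would document the contract, and a host-side check of the candidate alphabet for mode 2501 is worth considering. The LE and BE nonce-error-correction loops in `m02501_comp` repeat the w0..w3 setup, the HMAC-SHA1 over `pke` and the keyver-dependent MIC step verbatim; moving that into one helper halves the kernel and keeps the two loops from drifting apart. `m02501_loop` being a no-op looks intentional, but a one-liner like `// no per-iteration work: the candidate already is the PMK` would say so.
```c
// One MIC computation for the current pke; shared by the LE and BE correction loops.
inline void m02501_mic (const u32 *out, u32 *pke, __global const wpa_t *wpa, u32 *digest)
{
  u32 w0[4], w1[4], w2[4], w3[4];
  // … unchanged: w0/w1 filled from out[0..7], w2/w3 zeroed …
  sha1_hmac_ctx_t ctx1;
  sha1_hmac_init (&ctx1, w0, w1, w2, w3);
  sha1_hmac_update (&ctx1, pke, 100);
  sha1_hmac_final (&ctx1);
  // … unchanged: digest[0..3] from ctx1.opad.h, then keyver == 1 HMAC-MD5 / else HMAC-SHA1 over wpa->eapol …
}

// in both loops, replacing the w0..w3 / ctx1 / keyver blocks:
u32 digest[4];
m02501_mic (out, pke, wpa, digest);
// … unchanged: final compare and mark_hash …
```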

@ -1,5 +1,11 @@
* changes v3.6.0 -> xxx:
##
## Algorithms
##
- Added hash-mode 2501 = WPA/WPA2 PMK
##
## Features
##

@ -133,8 +133,8 @@ NVIDIA GPUs require "NVIDIA Driver" (367.x or later)
- MySQL CRAM (SHA1)
- PostgreSQL CRAM (MD5)
- SIP digest authentication (MD5)
- WPA
- WPA2
- WPA/WPA2
- WPA/WPA2 PMK
- NetNTLMv1
- NetNTLMv1+ESS
- NetNTLMv2

@ -176,7 +176,7 @@ _hashcat ()
{
local VERSION=3.6.0
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700"
local HASH_MODES="0 10 11 12 20 21 22 23 30 40 50 60 100 101 110 111 112 120 121 122 124 130 131 132 133 140 141 150 160 200 300 400 500 501 600 900 1000 1100 1400 1410 1411 1420 1421 1430 1440 1441 1450 1460 1500 1600 1700 1710 1711 1720 1722 1730 1731 1740 1750 1760 1800 2100 2400 2410 2500 2501 2600 2611 2612 2711 2811 3000 3100 3200 3710 3711 3800 3910 4010 4110 4300 4400 4500 4520 4521 4522 4700 4800 4900 5000 5100 5200 5300 5400 5500 5600 5700 5800 6000 6100 6211 6212 6213 6221 6222 6223 6231 6232 6233 6241 6242 6243 6300 6400 6500 6600 6700 6800 6900 7000 7100 7200 7300 7400 7500 7700 7800 7900 8000 8100 8200 8300 8400 8500 8600 8700 8800 8900 9000 9100 9200 9300 9400 9500 9600 9700 9710 9720 9800 9810 9820 9900 10000 10100 10200 10300 10400 10410 10420 10500 10600 10700 10800 10900 11000 11100 11200 11300 11400 11500 11600 11700 11800 11900 12000 12001 12100 12200 12300 12400 12500 12600 12700 12800 12900 13000 13100 13200 13300 13400 13500 13600 13800 13900 14000 14100 14700 14800 14900 15000 15100 15200 15300 15400 15500 15600 15700"
local ATTACK_MODES="0 1 3 6 7"
local HCCAPX_MESSAGE_PAIR="0 1 2 3 4 5"
local OUTFILE_FORMATS="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15"

@ -551,6 +551,12 @@ typedef struct wpa_tmp
} wpa_tmp_t;
typedef struct wpapmk_tmp
{
u32 out[8];
} wpapmk_tmp_t;
typedef struct bitcoin_wallet_tmp
{
u64 dgst[8];
@ -1062,8 +1068,6 @@ typedef enum display_len
DISPLAY_LEN_MAX_2410 = 16 + 1 + 16,
DISPLAY_LEN_MIN_2410H = 16 + 1 + 0,
DISPLAY_LEN_MAX_2410H = 16 + 1 + 32,
DISPLAY_LEN_MIN_2500 = 64 + 1 + 0,
DISPLAY_LEN_MAX_2500 = 64 + 1 + 15,
DISPLAY_LEN_MIN_2600 = 32,
DISPLAY_LEN_MAX_2600 = 32,
DISPLAY_LEN_MIN_3000 = 16,
@ -1476,6 +1480,7 @@ typedef enum kern_type
KERN_TYPE_MD5PIX = 2400,
KERN_TYPE_MD5ASA = 2410,
KERN_TYPE_WPA = 2500,
KERN_TYPE_WPAPMK = 2501,
KERN_TYPE_MD55 = 2600,
KERN_TYPE_MD55_PWSLT1 = 2610,
KERN_TYPE_MD55_PWSLT2 = 2710,
@ -1632,7 +1637,8 @@ typedef enum rounds_count
{
ROUNDS_PHPASS = (1 << 11), // $P$B
ROUNDS_DCC2 = 10240,
ROUNDS_WPA2 = 4096,
ROUNDS_WPA = 4096,
ROUNDS_WPAPMK = 1,
ROUNDS_BCRYPT = (1 << 5),
ROUNDS_PSAFE3 = 2048,
ROUNDS_ANDROIDPIN = 1024,

@ -6,7 +6,7 @@
#include "common.h"
#include "benchmark.h"
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 154;
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_CNT = 155;
const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] =
{
@ -35,6 +35,7 @@ const unsigned int DEFAULT_BENCHMARK_ALGORITHMS_BUF[] =
12100,
23,
2500,
2501,
5300,
5400,
5500,

@ -165,7 +165,7 @@ int save_hash (hashcat_ctx_t *hashcat_ctx)
if (hashconfig->opts_type & OPTS_TYPE_BINARY_HASHFILE)
{
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hccapx_t hccapx;
@ -467,7 +467,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
if (hashlist_mode == HL_MODE_ARG)
{
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hc_stat_t st;
@ -734,7 +734,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
int parser_status = PARSER_OK;
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
hashlist_mode = HL_MODE_FILE;
@ -773,7 +773,7 @@ int hashes_init_stage1 (hashcat_ctx_t *hashcat_ctx)
{
memset (hashes_buf[hashes_cnt].esalt, 0, hashconfig->esalt_size);
if (user_options->hash_mode == 2500)
if ((user_options->hash_mode == 2500) || (user_options->hash_mode == 2501))
{
wpa_t *wpa = (wpa_t *) hashes_buf[hashes_cnt].esalt;
@ -1556,7 +1556,7 @@ int hashes_init_selftest (hashcat_ctx_t *hashcat_ctx)
int parser_status;
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
char *tmpdata = (char *) hcmalloc (sizeof (hccapx_t));
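Review bot: The condition `(hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501)` is now hand-written in save_hash, three times in hashes_init_stage1 and once in hashes_init_selftest, and the same pattern recurs in ascii_digest, choose_kernel, outfile_remove, potfile_remove_parse, selftest, status_get_hash_target and user_options_sanity elsewhere in this commit. A single predicate would make the next WPA variant a one-line change and leave no site to miss: `static inline bool hash_mode_is_wpa (const u32 hash_mode) { return (hash_mode == 2500) || (hash_mode == 2501); }` in a shared header, with each site becoming `if (hash_mode_is_wpa (hashconfig->hash_mode))`. Which header is the right home is not visible from these hunks.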

@ -26,6 +26,7 @@ static char ST_PASS_HASHCAT_EXCL[] = "hashcat!";
static char ST_PASS_HASHCAT_EXCL3[] = "hashcat!!!";
static char ST_PASS_HASHCAT_ONE[] = "hashcat1";
static char ST_PASS_HASHCAT_ONET3[] = "hashcat1hashcat1hashcat1";
static char ST_PASS_HEX_02501[] = "d57c2900bd83d5098003bf803ad7e204260a84ac164f12e03552d92280a6943e";
static char ST_PASS_BIN_09710[] = "\x91\xb2\xe0\x62\xb9";
static char ST_PASS_BIN_09810[] = "\xb8\xf6\x36\x19\xca";
static char ST_PASS_BIN_10410[] = "\x6a\x8a\xed\xcc\xb7";
@ -105,6 +106,7 @@ static char ST_HASH_01800[] = "$6$72820166$U4DVzpcYxgw7MVVDGGvB2/H5lRistD5.Ah4up
static char ST_HASH_02100[] = "$DCC2$10240#6848#e2829c8af2232fa53797e2f0e35e4626";
static char ST_HASH_02400[] = "dRRVnUmUHXOTt9nk";
static char ST_HASH_02500[] = "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";
static char ST_HASH_02501[] = "48435058040000000013303638353333303430353632363637323238330000000000000000000000000002aa8c03531d05376358e25a5248ba2b45e2a2c5d4cf88d71258a797ac501653bbbb4512d8f1ab32584641df9e40e098c5df48acc3baa9ba60ea99968f9377d8a596d33fd762366677b37683fc00693899edc9569c284cbe15c570f56379000103007501010a00000000000000000001d71258a797ac501653bbbb4512d8f1ab32584641df9e40e098c5df48acc3baa9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001630140100000fac040100000fac040100000fac020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";
static char ST_HASH_02410[] = "YjDBNr.A0AN7DA8s:4684";
static char ST_HASH_02600[] = "a936af92b0ae20b1ff6c3347a72e5fbe";
static char ST_HASH_02611[] = "28f9975808ae2bdc5847b1cda26033ea:308";
@ -365,6 +367,7 @@ static const char HT_02100[] = "Domain Cached Credentials 2 (DCC2), MS Cache 2";
static const char HT_02400[] = "Cisco-PIX MD5";
static const char HT_02410[] = "Cisco-ASA MD5";
static const char HT_02500[] = "WPA/WPA2";
static const char HT_02501[] = "WPA/WPA2 PMK";
static const char HT_02600[] = "md5(md5($pass))";
static const char HT_03000[] = "LM";
static const char HT_03100[] = "Oracle H: Type (Oracle 7+)";
@ -3304,7 +3307,7 @@ int wpa_parse_hash (u8 *input_buf, u32 input_len, hash_t *hash_buf, MAYBE_UNUSED
salt->salt_len = salt_len;
salt->salt_iter = ROUNDS_WPA2 - 1;
salt->salt_iter = ROUNDS_WPA - 1;
memcpy (wpa->essid, in.essid, in.essid_len);
@ -15910,6 +15913,7 @@ char *strhashtype (const u32 hash_mode)
case 2400: return ((char *) HT_02400);
case 2410: return ((char *) HT_02410);
case 2500: return ((char *) HT_02500);
case 2501: return ((char *) HT_02501);
case 2600: return ((char *) HT_02600);
case 2611: return ((char *) HT_02611);
case 2612: return ((char *) HT_02612);
@ -16947,7 +16951,7 @@ int ascii_digest (hashcat_ctx_t *hashcat_ctx, char *out_buf, const size_t out_le
out_buf[16] = 0;
}
else if (hash_mode == 2500)
else if ((hash_mode == 2500) || (hash_mode == 2501))
{
wpa_t *wpas = (wpa_t *) esalts_buf;
@ -21258,6 +21262,24 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
hashconfig->st_pass = ST_PASS_HASHCAT_EXCL;
break;
case 2501: hashconfig->hash_type = HASH_TYPE_WPA;
hashconfig->salt_type = SALT_TYPE_EMBEDDED;
hashconfig->attack_exec = ATTACK_EXEC_OUTSIDE_KERNEL;
hashconfig->opts_type = OPTS_TYPE_PT_GENERATE_LE
| OPTS_TYPE_BINARY_HASHFILE;
hashconfig->kern_type = KERN_TYPE_WPAPMK;
hashconfig->dgst_size = DGST_SIZE_4_4;
hashconfig->parse_func = wpa_parse_hash;
hashconfig->opti_type = OPTI_TYPE_ZERO_BYTE
| OPTI_TYPE_SLOW_HASH_SIMD_LOOP;
hashconfig->dgst_pos0 = 0;
hashconfig->dgst_pos1 = 1;
hashconfig->dgst_pos2 = 2;
hashconfig->dgst_pos3 = 3;
hashconfig->st_hash = ST_HASH_02501;
hashconfig->st_pass = ST_PASS_HEX_02501;
break;
case 2600: hashconfig->hash_type = HASH_TYPE_MD5;
hashconfig->salt_type = SALT_TYPE_VIRTUAL;
hashconfig->attack_exec = ATTACK_EXEC_INSIDE_KERNEL;
@ -24322,6 +24344,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
{
case 600: hashconfig->esalt_size = sizeof (blake2_t); break;
case 2500: hashconfig->esalt_size = sizeof (wpa_t); break;
case 2501: hashconfig->esalt_size = sizeof (wpa_t); break;
case 5300: hashconfig->esalt_size = sizeof (ikepsk_t); break;
case 5400: hashconfig->esalt_size = sizeof (ikepsk_t); break;
case 5500: hashconfig->esalt_size = sizeof (netntlm_t); break;
@ -24426,6 +24449,7 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
case 1800: hashconfig->tmp_size = sizeof (sha512crypt_tmp_t); break;
case 2100: hashconfig->tmp_size = sizeof (dcc2_tmp_t); break;
case 2500: hashconfig->tmp_size = sizeof (wpa_tmp_t); break;
case 2501: hashconfig->tmp_size = sizeof (wpapmk_tmp_t); break;
case 3200: hashconfig->tmp_size = sizeof (bcrypt_tmp_t); break;
case 5200: hashconfig->tmp_size = sizeof (pwsafe3_tmp_t); break;
case 5800: hashconfig->tmp_size = sizeof (androidpin_tmp_t); break;
@ -24526,6 +24550,8 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
{
case 2500: hashconfig->pw_min = 8; // WPA min
break;
case 2501: hashconfig->pw_min = 64; // WPA PMK min
break;
case 9710: hashconfig->pw_min = 5; // RC4-40 min
break;
case 9810: hashconfig->pw_min = 5; // RC4-40 min
@ -24612,7 +24638,9 @@ int hashconfig_init (hashcat_ctx_t *hashcat_ctx)
break;
case 2100: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA1 max
break;
case 2500: hashconfig->pw_max = 64; // PBKDF2-HMAC-SHA1 max
case 2500: hashconfig->pw_max = 63; // WPA max
break;
case 2501: hashconfig->pw_max = 64; // WPA PMK max
break;
case 3000: hashconfig->pw_max = 7; // LM half max
break;
@ -24848,6 +24876,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 2500: memcpy (salt->salt_buf, "hashcat.net", 11);
break;
case 2501: memcpy (salt->salt_buf, "hashcat.net", 11);
break;
case 3100: salt->salt_len = 1;
break;
case 5000: salt->keccak_mdlen = 32;
@ -24931,6 +24961,8 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
{
case 2500: ((wpa_t *) esalt)->eapol_len = 128;
break;
case 2501: ((wpa_t *) esalt)->eapol_len = 128;
break;
case 5300: ((ikepsk_t *) esalt)->nr_len = 1;
((ikepsk_t *) esalt)->msg_len = 1;
break;
@ -25016,7 +25048,9 @@ void hashconfig_benchmark_defaults (hashcat_ctx_t *hashcat_ctx, salt_t *salt, vo
break;
case 2100: salt->salt_iter = ROUNDS_DCC2;
break;
case 2500: salt->salt_iter = ROUNDS_WPA2;
case 2500: salt->salt_iter = ROUNDS_WPA;
break;
case 2501: salt->salt_iter = ROUNDS_WPAPMK;
break;
case 3200: salt->salt_iter = ROUNDS_BCRYPT;
break;
@ -25200,6 +25234,8 @@ const char *hashconfig_benchmark_mask (hashcat_ctx_t *hashcat_ctx)
{
case 2500: mask = "?a?a?a?a?a?a?a?a";
break;
case 2501: mask = "?a?a?a?a?a?a?a?axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
break;
case 9710: mask = "?b?b?b?b?b";
break;
case 9810: mask = "?b?b?b?b?b";
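Review bot: The 2501 entry keeps `hashconfig->parse_func = wpa_parse_hash;`, and the hunk above shows that parser setting `salt->salt_iter = ROUNDS_WPA - 1;` unconditionally, so real 2501 hashes appear to get 4095 invocations of the empty m02501_loop kernel while only the benchmark path uses `ROUNDS_WPAPMK`. The rest of wpa_parse_hash is outside the hunk, so this is inferred from the visible lines; if it holds, the parser should pick the count per mode, e.g. `salt->salt_iter = (hashconfig->hash_mode == 2501) ? ROUNDS_WPAPMK - 1 : ROUNDS_WPA - 1;` (the hashconfig argument is passed to parse_func at the outfile_remove call site). The 2501 benchmark mask pads with `x`, which is not a hex digit, so a comment such as `// benchmark only: the mask needs the right length (64), not valid hex` next to it would save the next reader the question.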

@ -1350,7 +1350,7 @@ int choose_kernel (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param,
{
u32 loops_cnt = 1;
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
loops_cnt = hashes->salts_buf[salt_pos].digests_cnt;
}

@ -179,7 +179,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx)
int parser_status = PARSER_OK;
if ((hash_mode != 2500) && (hash_mode != 6800))
if ((hash_mode != 2500) && (hash_mode != 2501) && (hash_mode != 6800))
{
parser_status = hashconfig->parse_func ((u8 *) line_buf, line_len - 1, &hash_buf, hashconfig);
}
@ -209,7 +209,7 @@ static int outfile_remove (hashcat_ctx_t *hashcat_ctx)
cracked = (memcmp (line_buf, salt_buf->salt_buf, salt_buf->salt_len) == 0);
}
}
else if (hash_mode == 2500)
else if ((hash_mode == 2500) || (hash_mode == 2501))
{
// this comparison is a bit inaccurate as we compare only ESSID
// call it a bug, but it's good enough for a special case used in a special case

@ -449,7 +449,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
found = (hash_t *) bsearch (&hash_buf, hashes_buf, hashes_cnt, sizeof (hash_t), sort_by_hash_t_salt);
}
}
else if (hashconfig->hash_mode == 2500)
else if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
// here we have in line_hash_buf: hash:macap:macsta:essid:password
@ -483,7 +483,7 @@ int potfile_remove_parse (hashcat_ctx_t *hashcat_ctx)
memcpy (hash_buf.salt->salt_buf, essid_pos, essid_len);
hash_buf.salt->salt_len = essid_len;
hash_buf.salt->salt_iter = ROUNDS_WPA2 - 1;
hash_buf.salt->salt_iter = ROUNDS_WPA - 1;
u32 hash[4];

@ -412,7 +412,7 @@ static int selftest (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
if (CL_rc == -1) return -1;
}
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
device_param->kernel_params_buf32[28] = 0;
device_param->kernel_params_buf32[29] = 1;

@ -249,7 +249,7 @@ const char *status_get_hash_target (const hashcat_ctx_t *hashcat_ctx)
if (hashes->digests_cnt == 1)
{
if (hashconfig->hash_mode == 2500)
if ((hashconfig->hash_mode == 2500) || (hashconfig->hash_mode == 2501))
{
char *tmp_buf = (char *) malloc (HCBUFSIZ_TINY);

@ -183,6 +183,7 @@ static const char *USAGE_BIG[] =
" 12100 | PBKDF2-HMAC-SHA512 | Generic KDF",
" 23 | Skype | Network Protocols",
" 2500 | WPA/WPA2 | Network Protocols",
" 2501 | WPA/WPA2 PMK | Network Protocols",
" 4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocols",
" 5300 | IKE-PSK MD5 | Network Protocols",
" 5400 | IKE-PSK SHA1 | Network Protocols",

@ -512,6 +512,7 @@ int user_options_sanity (hashcat_ctx_t *hashcat_ctx)
if (user_options->username == true)
{
if ((user_options->hash_mode == 2500)
|| (user_options->hash_mode == 2501)
|| (user_options->hash_mode == 5200)
|| ((user_options->hash_mode >= 6200) && (user_options->hash_mode <= 6299))
|| ((user_options->hash_mode >= 13700) && (user_options->hash_mode <= 13799))
